Download a file over an active SSH session
I want to download a file from an active SSH session. In many cases I probably could just use SFTP, scp
, rsync
et al but there are times where I have elevated permissions on the remote server in a way I cannot use these methods.
If you're struggling to understand what I mean, imagine that you wanted to download something from /root/
or /var/log/auth.log
. Root login is disabled (because we're not idiots). How do you get that file? Copy it out somewhere less protected and then move it? This is clunky. There are also scenarios where the remote path is complex or temporary, or isn't even a path because I want the output of a remote command stored locally. Store remotely, then copy? Clunk!
There are several more clunky ways to achieve versions of these but in an ideal world, I would have something akin to local write access from the remote server, using the existing SSH session as a conduit. Something like (this is just an artist's impression):
$oli@remote: cp /root/cheesecake /local/
And it just appears in my local cwd
. And bidirectional access wouldn't be a bad thing.
It's been eight long years since I asked this question and we've seen a real range of clunk, but it remains a problem that I still struggle with occasionally.
I've refactored the question into something a lot more idealistic. I fully understand that there may not currently be a perfect answer. All past and future efforts towards my ideal are appreciated.
You may want to check out zssh, which is available in universe, and therefore available with
sudo apt-get install zssh
You need it on your ubuntu server and on your client, but basically when logged in with zssh, you just hit 'ctrl-@' and it brings up the "File transfer mode" which allows you to send files back down the pipe to your client machine, or upload them from client to server.
However, you don't have to re-auth or open a new window to scp.
If you're using ssh keys, and an ssh agent, you can quite easily do:
[enter]~[ctrl]-Z
Which will background ssh, and then just scp $!:/whatever/whatever .'
Once the file is transferred, fg
to get ssh back.
If you aren't using ssh keys, you can still use the "ControlMaster" and "ControlPath" options added to recent OpenSSh versions, but that gets tricky, check man ssh_config
Assuming you're running an ssh server on your desktop (there are ways around this, but I think they all add complexity, and possibly have security problems), you can set up a reverse ssh tunnel. See SSH easily copy file to local system. over at unix.SE.
- Type Enter
~C
Enter-R 22042:localhost:22
Enter to create a reverse port forwarding from your server to your desktop (22042 can be any port number between 1024 and 65534 that's not in use). - Then
scp -P 22042 foo localhost:
will copy the filefoo
in your current directory on the server to your home on the desktop. - Now move the file into your current directory on the desktop by typing Enter
~
Ctrl+Zmv ~/foo .
Enterfg
Enter.
Ssh escape sequences begin with ~
; the tilde is only recognized after a newline. ~ Ctrl+Z
puts ssh into the background. ~C
enters a command line where you can create or remove a forwarding.
I came up with a way to do this with standard ssh. It's a script that duplicates the current ssh connection, finds your working directory on the remote machine and copies back the file you specify to the local machine. It needs 2 very small scripts (1 remote, 1 local) and 2 lines in your ssh config. The steps are as follows:
-
Add these 2 lines to your
~/.ssh/config
:ControlMaster auto ControlPath ~/.ssh/socket-%r@%h:%p
Now if you have an ssh connection to machineX open, you wont need passwords to open another one.
-
Make a 1-line script on the remote machine called
~/.grabCat.sh
\#!/bin/bash<br> cat "$(pwdx $(pgrep -u $(whoami) bash) | grep -o '/.*' | tail -n 1)"/$1
-
Make a script on the local machine called ~/.grab.sh
\#!/bin/bash [ -n "$3" ] && dir="$3" || dir="." ssh "$1" ".grabCat.sh $2" > "$dir/$2"
-
and make an alias for grab.sh in (
~/.bashrc
or wherever):alias grab=~/.grab.sh
That's it, all done. Now if you're logged in to machineX:/some/directory
, just fire up a new terminal and type
grab machineX filename
That puts the file in your current working directory on the local machine. You can specify a different location as a third argument to "grab".
Note: Obviously both scripts must be "executable", ie chmod u+x filename
.
If your client machine (the machine you are sitting at) is called machineA and the machine you are currently SSH'ed into is called machine B. MachineA, your local machine must have SSHD running and port 22 open. Then:
scp myfile machineA:
Copies myfile
on MachineB to my MachineA home directory on machineA. This assumes userid/password are the same.
scp myfile machineA:/newdir/newname
Copies myfile
one MachineB to /newdir/newname
on machineA. This assumes userid/password are the same.
scp MachineA:/path/to/my/otherfile .
Gets a copy of otherfile
from my MachineA directory on MachineA and puts it in my current working directory on the MachineB machine (designated in standard UNIX fashion by the "dot" (.) character). This assumes userid/password are the same.
If the userid/password are not the same then use:
scp myfile user@MachineA:
to get file.
scp user@MachineA:/path/to/my/otherfile .
to put files
NOTES about SCP:
Just like the cp
command, scp
has a -p option to propagate the permission settings of the original file to the copy (otherwise the copy is made with the normal settings for new files), and a -r option to copy an entire directory tree with one command.
scp
creates a completely transparent encrypted data channel between the two machines, so binary data (such as images or executable programs) is preserved correctly. This also means that scp
is unable to perform automatic end-of-line termination conversion between different types of operating systems, as can be done with ftp in "ascii" mode. That will not be a problem when copying between Unix systems, which all use the same end-of-line convention.
if you access server via ssh, you get the ability to connect via sftp as well. Keep filezilla client (GUI) handy and paste the path you are currently on